| Authorization Bypass Through User-Controlled Key | |
| Directory Traversal | |
| Server-Side Request Forgery (SSRF) | |
| CVE-2026-12151 | |
| GHSA-p6gq-j5cr-w38f | |
| CVE-2026-5079 | |
| CVE-2026-12143 | |
| Resource Exhaustion | |
| Uncontrolled Recursion | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Arbitrary Code Injection | |
| CVE-2025-13204 | |
| CVE-2026-48068 | |
| CVE-2026-48069 | |
| Information Exposure | |
| Information Exposure | |
| Resource Exhaustion | |
| Arbitrary Code Injection | |
| Server-Side Request Forgery (SSRF) | |
| Directory Traversal | |
| CVE-2026-8723 | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Unintended Proxy or Intermediary ('Confused Deputy') | |
| Uncontrolled Recursion | |
| Use of Uninitialized Resource | |
| Allocation of Resources Without Limits or Throttling | |
| Improper Authorization | |
| Link Following | |
| Arbitrary Command Injection | |
| Improper Input Validation | |
| CVE-2026-6321 | |
| CVE-2026-6322 | |
| Deserialization of Untrusted Data | |
| Arbitrary Code Injection | |
| Improper Handling of Unicode Encoding | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Arbitrary Code Injection | |
| Resource Exhaustion | |
| Uncontrolled Recursion | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Cross-site Scripting (XSS) | |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | |
| Permissive Whitelist | |
| Improper Encoding or Escaping of Output | |
| Allocation of Resources Without Limits or Throttling | |
| Uncontrolled Recursion | |
| Improper Authentication | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Permissive Whitelist | |
| HTTP Response Splitting | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| CRLF Injection | |
| CVE-2026-3520 | |
| Improper Check for Unusual or Exceptional Conditions | |
| Race Condition | |
| Uncontrolled Recursion | |
| Inefficient Regular Expression Complexity | |
| Improper Input Validation | |
| Server-Side Request Forgery (SSRF) | |
| CVE-2026-4926 | |
| Server-Side Request Forgery (SSRF) | |
| CVE-2026-33864 | |
| Improper Check or Handling of Exceptional Conditions | |
| SQL Injection | |
| GHSA-39q2-94rc-95cp | |
| CVE-2026-1528 | |
| CVE-2025-7338 | |
| Allocation of Resources Without Limits or Throttling | |
| Server-Side Request Forgery (SSRF) | |
| Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Race Condition | |
| GHSA-6v7q-wjvx-w8wg | |
| Resource Exhaustion | |
| Uncontrolled Recursion | |
| Inefficient Regular Expression Complexity | |
| Server-Side Request Forgery (SSRF) | |
| Link Following | |
| XML Injection | |
| HTTP Response Splitting | |
| CVE-2026-2739 | |
| Allocation of Resources Without Limits or Throttling | |
| CVE-2026-1525 | |
| GHSA-r4q5-vmmm-2653 | |
| CVE-2024-37168 | |
| Inefficient Regular Expression Complexity | |
| XML Injection | |
| GHSA-c7w3-x93f-qmm8 | |
| Incorrect Regular Expression | |
| XML Injection | |
| Directory Traversal | |
| Improper Validation of Specified Quantity in Input | |
| Directory Traversal | |
| CVE-2026-1527 | |
| CVE-2026-33863 | |
| CVE-2026-4800 | |
| CVE-2025-15284 | |
| Cross-site Scripting (XSS) | |
| Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | |
| CVE-2026-4923 | |
| Unintended Proxy or Intermediary ('Confused Deputy') | |
| Inefficient Regular Expression Complexity | |
| Allocation of Resources Without Limits or Throttling | |
| Memory Leak | |
| Cross-site Scripting (XSS) | |
| Inefficient Regular Expression Complexity | |
| Uncaught Exception | |
| Use of Insufficiently Random Values | |
| Resource Exhaustion | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Buffer Overflow | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| CVE-2026-3455 | |
| Directory Traversal | |
| Deserialization of Untrusted Data | |
| CVE-2024-12905 | |
| CVE-2026-4867 | |
| CVE-2026-2950 | |
| CVE-2024-37890 | |
| Resource Exhaustion | |
| Algorithmic Complexity | |
| GHSA-6475-r3vj-m8vf | |
| CVE-2026-2359 | |
| XML Injection | |
| Cross-site Scripting (XSS) | |
| Information Exposure | |
| CVE-2026-2229 | |
| CVE-2026-1526 | |
| CVE-2025-13465 | |
| Arbitrary Code Injection | |
| Resource Exhaustion | |
| CVE-2026-3304 | |
| GHSA-vvjj-xcjg-gr5g | |
| Directory Traversal | |
| CVE-2026-2391 | |
| GHSA-w5hq-g745-h8pq | |
| XML Injection | |